C# <allow verbs="POST"> and <deny verbs>?
Posted on 2007-10-20
I used <allow verbs="POST"> and <deny verbs="GET"> in my web.config to prevent GET methods being used in the application. However the authorisation didn't work properly. I was wondering how is the implementation of allow verbs and deny verbs? Does the implementation only check the first word of the HTTP request?
2) Interestingly, I used Burp Proxy to catch the request and manually change the GET request to POST request. However, what I did notice is that when I printed Response.Write(Request.RequestType.ToString()); even after I changed the GET request to POST request manually e.g there is no word GET request. It still printed as "GET". Any idea why this is the case?